Quote:
Originally Posted by MarioL
If you want to get user information on the logs, you need to create rules with authentication actions, rather than "Accept". Anyway, if you are a MS house, what about having an ISA internally doing authentication and logging and then just allow that through the firewall? You can either put a good caching proxy upstream of the ISA, or even use it for caching too.
Created a rule with Source 'IE-Users@any' and Action 'User Auth' but the test PC never seems to hit the rule. The PC hits the last rule (source/destination 'ANY' action 'drop') and is prompted for authentication. In Checkpoint, IE-Users is a member of 'LDAP Groups'. In Global Properties|SmartDirectory (LDAP), does the 'Use SmartDirectory for VPN-1 gateway' need to be selected for this to work? We do not want to manage LDAP/Active Directory through the Checkpoint, only retrieve information.
We are moving away from ISA servers because it impedes much of our internal traffic and is recommended by examiners.